NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Intrusion Detection Solution



FWIW I run Snort as well, inside and outside the FW. I use the ACID front end which uses PHP to grab data from a mysql database and it really IMHO makes the program extremely useable this way. Start with a top level # of total alerts, unique alerts total or for today, breakdown by protocol, how many hosts tried to hit how manhy of your hosts..  and drill down to the actual packets for more info. It just rated 3rd in a Network Computing (?) feature on NIDS/HIDS packages and I think would have placed higher if Snort bought ads.. just kidding. The constant signature updates are great, the language is easy to suss and there are vendors out there (Private I for one) who say they are going to be able to work with snort soon. 
Yes, you have to DIY a bit, but if I can do it, anyone can. If you need the windows port, go to www.silicondefense.com and look up the "how to" for windows users. It literally could not be any easier to do. And it works great.
(sorry for the spam, but I like it that much!)

-Joe

<<< "Cepeda, Josh" <[email protected]>  8/31  5:30p >>>
I use Snort. You may want to check it out. Its free and they have an active
mailing list. I run the Unix version but there is a Windows NT port. Here is
the link.
 
http://snort.sourcefire.com/downloads.html
<http://snort.sourcefire.com/downloads.html> 
 
 
Download: snort-win32
-----Original Message-----
From: Mack, Don [mailto:[email protected]]
Sent: Tuesday, August 28, 2001 8:40 AM
To: [email protected]
Subject: [FW1] Intrusion Detection Solution


We are looking into an Intrusion Detection Solution.  Does anyone know of an
IDS that works well with Check Point FW-1 (and NG) and that also runs on
NT/2000?  We are currently looking at RealSecure, and wanted to know what
other products come recommended. 
 
Don Mack
[email protected] <mailto:[email protected]> 
 
 

                        


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.